Refactor.
fniessink committed Nov 24, 2020
1 parent 147dc96 commit 006b5ac
Showing 3 changed files with 13 additions and 23 deletions.
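--- a/components/frontend/src/App.js
+++ b/components/frontend/src/App.js
@@ -212,7 +212,9 @@ class App extends Component {
 render() {
 const report_date = this.report_date();
 const current_report = this.state.reports.filter((report) => report.report_uuid === this.state.report_uuid)[0] || null;
-const readOnly = this.state.user === null || this.state.report_date_string || this.state.report_uuid.slice(0, 4) === "tag-";
+const editors = this.state.reports_overview.editors || [];
+const editor = editors.length === 0 || editors.includes(this.state.user) || editors.includes(this.state.email);
+const readOnly = this.state.user === null || this.state.report_date_string || this.state.report_uuid.slice(0, 4) === "tag-" || !editor;
 const props = {
 reload: (json) => this.reload(json), report_date: report_date, reports: this.state.reports, history: this.history
 };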
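Review bot: The `editor` flag in render() is now computed entirely in the browser from `this.state.reports_overview.editors`, so `readOnly` is only a display hint. None of the three changed files shows the server refusing a write from a logged-in user who is not in the editors list, and that check has to be enforced on the API routes regardless of what the UI hides. The `|| []` fallback together with `editors.length === 0` also treats an overview that has not loaded yet, or that lacks the key, as "everyone may edit". If that is intended, say so next to the line, e.g. `// Empty or missing editors list: every authenticated user may edit; the server applies the same rule.` render() continues below the hunk.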
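--- a/components/server/src/routes/auth.py
+++ b/components/server/src/routes/auth.py
@@ -120,8 +120,7 @@ def login(database: Database) -> Dict[str, Union[bool, str]]:
 verified, email = verify_user(username, password)
 if verified:
 create_session(database, username, email)
-editors = reports.latest_reports_overview(database).get("editors", [])
-return dict(ok=verified, email=email, editor=not editors or username in editors or email in editors)
+return dict(ok=verified, email=email)
 
 
 @bottle.post("/api/v3/logout")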
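Review bot: `return dict(ok=verified, email=email)` sends the looked-up address back even when `verified` is false. The expectations kept in test_auth.py for test_login_wrong_password and test_login_password_hash_error (`dict(ok=False, email=self.user_email)`) confirm that a failed login for an existing account answers with that account's email, while the bind and search failures answer with `""`. The response therefore discloses addresses and distinguishes known from unknown usernames before any authentication has succeeded. I would return the address only on success, `return dict(ok=verified, email=email if verified else "")`, and adjust the failed-login expectations to match. login() starts above the hunk, so how `username` and `password` are obtained is not visible here.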
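--- a/components/server/tests/routes/test_auth.py
+++ b/components/server/tests/routes/test_auth.py
@@ -81,7 +81,7 @@ def test_successful_forwardauth_login(self, connection_mock, connection_enter):
 connection_mock.return_value = None
 with patch.dict("os.environ", {"FORWARD_AUTH_ENABLED": "True", "FORWARD_AUTH_HEADER": "X-Forwarded-User"}):
 with patch("bottle.request.get_header", Mock(return_value=self.user_email)):
-self.assertEqual(dict(ok=True, email=self.user_email, editor=True), auth.login(self.database))
+self.assertEqual(dict(ok=True, email=self.user_email), auth.login(self.database))
 self.assert_cookie_has_session_id()
 connection_mock.assert_not_called()
 connection_enter.assert_not_called()
@@ -91,7 +91,7 @@ def test_forwardauth_login_no_header(self, connection_mock, connection_enter):
 connection_mock.return_value = None
 with patch.dict("os.environ", {"FORWARD_AUTH_ENABLED": "True", "FORWARD_AUTH_HEADER": "X-Forwarded-User"}):
 with patch("bottle.request.get_header", Mock(return_value=None)):
-self.assertEqual(dict(ok=False, email=None, editor=True), auth.login(self.database))
+self.assertEqual(dict(ok=False, email=None), auth.login(self.database))
 connection_mock.assert_not_called()
 connection_enter.assert_not_called()
 
@@ -100,18 +100,7 @@ def test_successful_login(self, connection_mock, connection_enter):
 connection_mock.return_value = None
 self.ldap_entry.userPassword.value = b"{SSHA}W841/YybjO4TmqcNTqnBxFKd3SJggaPr"
 connection_enter.return_value = self.ldap_connection
-self.assertEqual(dict(ok=True, email=self.user_email, editor=True), auth.login(self.database))
-self.assert_cookie_has_session_id()
-self.assert_ldap_lookup_connection_created(connection_mock)
-self.assert_ldap_connection_search_called()
-
-def test_successful_login_without_edit_rights(self, connection_mock, connection_enter):
-"""Test successful login."""
-self.database.reports_overviews.find_one.return_value = dict(_id="id", editors=["jenny"])
-connection_mock.return_value = None
-self.ldap_entry.userPassword.value = b"{SSHA}W841/YybjO4TmqcNTqnBxFKd3SJggaPr"
-connection_enter.return_value = self.ldap_connection
-self.assertEqual(dict(ok=True, email=self.user_email, editor=False), auth.login(self.database))
+self.assertEqual(dict(ok=True, email=self.user_email), auth.login(self.database))
 self.assert_cookie_has_session_id()
 self.assert_ldap_lookup_connection_created(connection_mock)
 self.assert_ldap_connection_search_called()
@@ -121,7 +110,7 @@ def test_successful_bind_login(self, connection_mock, connection_enter):
 connection_mock.return_value = None
 self.ldap_entry.userPassword.value = None
 connection_enter.return_value = self.ldap_connection
-self.assertEqual(dict(ok=True, email=self.user_email, editor=True), auth.login(self.database))
+self.assertEqual(dict(ok=True, email=self.user_email), auth.login(self.database))
 self.assert_cookie_has_session_id()
 self.assert_ldap_lookup_connection_created(connection_mock)
 self.assert_ldap_bind_connection_created(connection_mock)
@@ -132,7 +121,7 @@ def test_successful_bind_login(self, connection_mock, connection_enter):
 def test_login_server_error(self, logging_mock, connection_mock, connection_enter):
 """Test login when a server creation error occurs."""
 connection_mock.return_value = None
-self.assertEqual(dict(ok=False, email="", editor=True), auth.login(self.database))
+self.assertEqual(dict(ok=False, email=""), auth.login(self.database))
 connection_mock.assert_not_called()
 connection_enter.assert_not_called()
 self.assert_log(logging_mock, exceptions.LDAPServerPoolError, USERNAME)
@@ -143,7 +132,7 @@ def test_login_bind_error(self, logging_mock, connection_mock, connection_enter)
 connection_mock.return_value = None
 self.ldap_connection.bind.return_value = False
 connection_enter.return_value = self.ldap_connection
-self.assertEqual(dict(ok=False, email="", editor=True), auth.login(self.database))
+self.assertEqual(dict(ok=False, email=""), auth.login(self.database))
 connection_mock.assert_called_once()
 self.ldap_connection.bind.assert_called_once()
 self.assert_log(logging_mock, exceptions.LDAPBindError, self.lookup_user_dn)
@@ -154,7 +143,7 @@ def test_login_search_error(self, logging_mock, connection_mock, connection_ente
 connection_mock.return_value = None
 self.ldap_connection.search.side_effect = exceptions.LDAPResponseTimeoutError
 connection_enter.return_value = self.ldap_connection
-self.assertEqual(dict(ok=False, email="", editor=True), auth.login(self.database))
+self.assertEqual(dict(ok=False, email=""), auth.login(self.database))
 connection_mock.assert_called_once()
 self.ldap_connection.bind.assert_called_once()
 self.assert_log(logging_mock, exceptions.LDAPResponseTimeoutError, USERNAME)
@@ -165,7 +154,7 @@ def test_login_password_hash_error(self, logging_mock, connection_mock, connecti
 connection_mock.return_value = None
 self.ldap_entry.userPassword.value = b"{XSHA}whatever-here"
 connection_enter.return_value = self.ldap_connection
-self.assertEqual(dict(ok=False, email=self.user_email, editor=True), auth.login(self.database))
+self.assertEqual(dict(ok=False, email=self.user_email), auth.login(self.database))
 self.assert_ldap_connection_search_called()
 self.assertEqual("Only SSHA LDAP password digest supported!", logging_mock.call_args_list[0][0][0])
 self.assert_log(logging_mock, exceptions.LDAPInvalidAttributeSyntaxResult, self.user_dn, self.user_email)
@@ -176,7 +165,7 @@ def test_login_wrong_password(self, logging_mock, connection_mock, connection_en
 connection_mock.return_value = None
 self.ldap_entry.userPassword.value = b"{SSHA}W841/abcdefghijklmnopqrstuvwxyz0"
 connection_enter.return_value = self.ldap_connection
-self.assertEqual(dict(ok=False, email=self.user_email, editor=True), auth.login(self.database))
+self.assertEqual(dict(ok=False, email=self.user_email), auth.login(self.database))
 self.assert_ldap_connection_search_called()
 self.assert_log(logging_mock, exceptions.LDAPInvalidCredentialsResult, self.user_dn, self.user_email)
 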
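Review bot: Deleting test_successful_login_without_edit_rights in the third hunk removes the only test in this file that exercises a user outside `editors`, and none of the changed files adds a replacement. Since the editor decision now lives in App.js, the non-editor case needs coverage where it is enforced: a frontend test that `readOnly` is true for such a user, and a server test that a write route refuses a session whose user is not an editor (whether the latter already exists elsewhere is not visible here). Without those, a regression in either place would pass this suite unnoticed.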

0 comments on commit 006b5ac
